I'd like to ask if you think it's worthwhile is pursuing
finely grained tree permissions? Would this improve security
to leave out everything but only files/folders necessary for
writing - to galaxy user what needs to write everything else
Or just full perms to galaxy user on whole tree is the only way?